What's New in Windows NT 4.0 RAS

Some of the most exciting changes in Windows NT 4.0 are the enhancements to NT's remote networking services. In NT 3.51, Microsoft referred collectively to the client and server versions of its remote networking services as Remote Access Service (RAS). However, in NT 4.0, Microsoft renamed the client version Dial-Up Networking (DUN) for consistency with its Windows 95 counterpart. However, the server version retains the name RAS, and Remote Access Service still appears on the Services tab of Control Panel's Network applet.

Instead of being just a pretty new face on the same old product, NT 4.0's remote networking services deliver significantly increased functionality that addresses many RAS users' woes. For example, now you can combine multiple RAS devices to increase total available bandwidth, create virtual private networks (VPNs) using the Internet as a WAN backbone, and customize a new AutoDial feature to control how and when to automatically dial a remote connection.

RAS Overview As a quick overview, RAS is Microsoft's name for its remote-node networking technology. In RAS, a client PC connects to a remote machine or network over an analog, Integrated Services Digital Networking (ISDN), X.25, or null modem connection. Ordinarily, this connection is between an NT, Win95, or Windows for Workgroups (WFW) workstation that runs a client version of RAS (a.k.a. Dial-Up Networking) and an NT Workstation or NT Server PC that runs a server version of RAS. However, Microsoft supports Point-to-Point Protocol (PPP), the industry-standard remote-access protocol, so you can use non-Microsoft PPP-capable products on either side of the connection. Once connected, remote users can access the same network resources that they can access when they connect directly to the LAN.

Both NT 4.0 Workstation and Server include a server version of RAS; the primary difference is that NT Server's RAS supports up to 256 simultaneous inbound connections, and NT Workstation supports only 1. Microsoft provides RAS clients for NT, Win95, WFW, and MS-DOS. RAS connections can use one or more of the big three network protocols: NetBEUI, IPX, and TCP/IP.

Dial-Up Networking The first and most obvious change you'll notice when you run NT 4.0's new RAS client, DUN, is its appearance. Microsoft modified NT 3.51's RAS client to better use NT 4.0's Explorer interface. To find the icon for DUN, click the Start button, choose Programs, and look in Accessories. As with Win95, you can also find the DUN icon by double-clicking the My Computer icon on the desktop. Double-click the DUN icon to start the program.

The first time you run DUN, the New Phonebook Entry Wizard starts automatically to assist you with creating a new phonebook entry. The Wizard asks some basic configuration questions, but you'll probably also need to edit the entry's properties to provide additional information (such as logon options and protocol settings) about the server you're calling. (To bypass the Wizard and set up the phonebook entry manually, select the check box displayed in the Wizard's first step.)

Accessing the main Dial-Up Networking dialog Once you've created a phonebook entry with the New Phonebook Entry Wizard, you will then see the dialog shown in Screen 1. A drop-down list box shows all your Phonebook entries, and the More button provides a list of options applicable to the currently selected entry. You can add new phonebook entries from here using the New button, which either starts the New Phonebook Entry Wizard or displays the New Phonebook Entry dialog if you've disabled the Wizard.

Multilink RAS: A Boon to Bandwidth Microsoft integrated several new technologies into NT 4.0's RAS that greatly enhance and extend its functionality. One new technology is the multilink dialing feature, which lets an NT 4.0 RAS client make multiple physical connections (via multiple RAS devices) and combine them into one logical connection. This feature is a boon to all RAS users because it provides a way to get virtually unlimited bandwidth on a RAS connection. For example, you can use two 28.8Kbps modems in a multilink RAS connection to create an effective bandwidth of 57.6Kbps. Multilink dialing also benefits ISDN users, who can now take advantage of both ISDN B channels to create 128Kbps ISDN connections. You can even combine ISDN and analog modem connections in a multilink RAS connection.

But wait--before you throw extra modems into your system to get faster RAS connections, you need to know an important fact: Both the RAS client and the RAS server must support multilink RAS or multilink PPP (MPPP). For example, if you use RAS to connect to your Internet Service Provider (ISP) but it doesn't support multilink connections, multilink RAS won't work. If you're an ISDN RAS user, you probably can take advantage of the multilink dialing feature because MPPP was originally developed with the ISDN community in mind and most ISP and corporate routers are MPPP capable. Analog modem users face tougher odds, however, because most ISPs don't currently use NT Server 4.0 or have MPPP support for modem-based connections.

Once you find a compatible server to connect with, implementing multilink RAS in NT 4.0 is a simple matter. To use multiple RAS devices to dial a phonebook entry, edit the phonebook entry and go to the Basic tab. In the Dial Using section, choose Multiple Lines. Now when you click the Configure button, you can choose which of your installed RAS devices to use with this connection (as shown in Screen 2).

Select the devices you want and the phone numbers the devices will dial. After you make a multilink RAS connection, NT automatically bundles the lines into one logical connection, and you're off and running.

PPTP Virtual Networks NT 4.0's RAS includes a beneficial new network protocol, the Point-to-Point Tunneling Protocol (PPTP). Despite all the talk about this new protocol, many users are still unclear about what PPTP is and what it does. In a nutshell, PPTP is a WAN protocol that lets a RAS client and server establish a secure connection over a TCP/IP connection such as the Internet.

Here's how PPTP works: First, a remote user establishes a connection to an IP-based internetwork (e.g., the Internet). Next, the user makes a second connection to an NT 4.0 RAS server running PPTP. The result is what Microsoft calls a VPN that uses PPTP over TCP/IP.

Still confused? Think about PPTP this way: With a regular PPP-based RAS connection (the kind you're probably used to), RAS clients communicate with the RAS server by transmitting LAN protocols such as NetBEUI, IPX, and TCP/IP inside PPP packets over analog, ISDN, or X.25 switched connections. However, rather than using a switched connection, PPTP uses your existing IP network connection (e.g., your connection to the Internet) as its WAN protocol to communicate with a PPTP-enabled RAS server. The "tunneling" part of PPTP's name comes from the fact that any of the LAN protocols can be encapsulated (or tunneled) inside PPTP packets. For example, with PPTP you can create a NetBEUI or an IPX-based connection to a corporate network over the Internet. If you explicitly enable encryption, PPTP encapsulates and encrypts the data in PPP packets and sends them as IP-based packets to the RAS server (as shown in Figure 1). Because the packets are encapsulated and encrypted, they are safe from prying eyes--an obvious concern for organizations that send data over the Internet.

The ramifications of this new technology are astounding. Now for the first time, organizations can leverage the Internet as a WAN backbone for secure remote network connections. This capability can provide substantial savings for businesses, compared to the cost of creating a private WAN over specialized equipment and dedicated lines. PPTP puts WAN connectivity within the reach of many smaller organizations that simply can't afford a private WAN.

Another interesting twist PPTP creates is the ability to physically separate the RAS server from remote access hardware. Organizations can outsource their dial-up network to a communications server or an ISP and maintain on their premises only a RAS server running PPTP. In this scenario, depicted in Figure 2, the service provider supplies dial-up connections to a PPTP-enabled NT RAS server, which in turn connects to the client organization's RAS PPTP server over an Internet-based PPTP tunnel. The client organization benefits because it no longer needs to maintain any remote access equipment. Using a service provider also enables non-PPTP-capable systems (e.g., systems not running NT 4.0) to make secure connections over standard PPP--the service provider's server maintains the secure PPTP connection to the RAS server on the client's behalf. In some cases, this approach also lets remote clients use local phone numbers rather than long distance or expensive 800 numbers to access the RAS server (depending on the access numbers the ISP provides). This facet of PPTP opens up a new outsourcing service opportunity for ISPs.

So what's the bad news? Well none, except that Microsoft currently supports PPTP on only NT 4.0: An NT 4.0 machine must be on each end of the connection. I expect Microsoft will eventually release a PPTP stack for its other operating systems, although I've found no information about expanded support.

PPTP Connection Tips As significant as PPTP technology is, you'd think Microsoft would have described it more clearly in NT 4.0's documentation. Unfortunately, the documentation on PPTP falls woefully short. The general descriptions of the technology are good, but the step-by-step details on setting up and connecting PPTP sessions are conspicuously absent. With that shortcoming in mind, here are a few tips for configuring and connecting RAS PPTP sessions. (For additional information about PPTP, see Mark Minasi, "Deciphering PPTP," December 1996).

The first step is to install the PPTP protocol via Control Panel's Network applet. In the Protocols tab, choose Add, and then select Point-to-Point Tunneling Protocol. Enter the maximum number of VPNs you want to let PPTP support (each RAS connection over PPTP constitutes one VPN). Because PPTP is implemented as a virtual RAS device, you also need to reconfigure RAS on your machine (in the Network applet's Services tab) and add your new PPTP RAS adapter. When you click Add for a new RAS device, you see a new choice in the RAS Capable Devices list that says RASPPTPM (or something similar); select and install this device.

Then you need to configure a dial entry to use it. First, select the protocols (IP, IPX, and NetBEUI) you want to tunnel over the PPTP connection (all selected protocols must be installed on the RAS PPTP server). Next, you must tell the dial entry how to connect to the PPTP RAS server. Enter the IP address of the PPTP RAS server in the phone number box (in the Basic tab) to enable the PPTP dial entry to find and connect to the server. (The documentation fails to tell you to do this step.)

Now you're ready to make the PPTP connection. First, use a DUN entry to dial the IP-based connection that both your PC and the PPTP RAS server are connected to. When you've made this connection, use your PPTP phonebook entry to dial. You must enter a username, password, and domain name to make the connection. Once these items are authenticated, you're on the network. Furthermore, you're communicating via the network protocols you selected in the PPTP entry's configuration, such as IPX or NetBEUI (not necessarily TCP/IP, unless that's one of the protocols you selected to tunnel; you can tunnel IP within IP using PPTP).

Another important new feature of NT 4.0's DUN is AutoDial, a dial-on-demand feature that lets NT automatically offer to dial a remote network connection via DUN when an application (or the user) attempts to access data on that network. For example, if your Internet mail program tries to access your ISP's mail server and you aren't connected, a dialog similar to the one in Screen 3 appears, and asks whether you want DUN to connect to the remote network. If you don't answer within 15 seconds, AutoDial applies the default answer: No, do not dial. AutoDial is intelligent; it remembers which DUN entries it uses to make which connections. So, if you answer Yes to the do-you-want-to-connect question, AutoDial completes the appropriate connection. This entire process is transparent to the background application that requests the data, and after the connection is made (assuming the program hasn't issued a time-out message), the application can then access the requested data.

Although the AutoDial feature is usually helpful, in some situations it's a nuisance. If an application running in the background continually attempts to connect to a remote machine on a network you don't really want to connect with at that moment, you'll quickly tire of the returning dialog that asks whether to dial the remote network. In this case, you can disable AutoDial for the current session by selecting the appropriate check box in the returning dialog. You also can configure AutoDial via several options: For example, you can disable AutoDial completely, or you can disable its prompt and have it automatically dial the remote connection without asking. You can also permanently disable the RAS AutoDial feature or disable it from only certain dialing locations. You can set up AutoDial to automatically redial on a link failure, an especially handy feature for NT systems that act as RAS routers to the remote networks or the Internet. To find these options, click the More button on the DUN main dialog and choose the User Preferences menu option.

Other New Features NT 4.0's RAS also presents a few new features that make RAS's configuration and administration much easier than before. DUN now supports the Win95-style Unimodem technology that comes with NT 4.0; consequently, DUN can leverage the same centralized modem configurations that all your other Win32 communications applications use. NT 4.0 includes a powerful new DUN Monitor utility, which provides a wealth of details and statistics about each individual RAS connection (e.g., bytes sent and received, device errors, compression statistics). The DUN Monitor also lets you disconnect RAS connections and view a summary of active and inactive lines. You can run the DUN Monitor from the Control Panel, but you can also configure it to run automatically when connections are made.

Despite its modest appearances, a lot of power lurks under the hood of NT 4.0's DUN. And due to the simplicity of the Windows Explorer interface, this power is easier than ever to access. Whether you use it for increased bandwidth or secure corporate network access over the Internet, NT 4.0 RAS has something for everyone.

Discuss this Article 20

Tim Ly (not verified)

on Aug 12, 1999

I read Sean Daily’s January article about NT 4.0 RAS. He mentioned that Microsoft provides a client RAS for Windows 95. Where can I get it, or is it the same as Dial-Up Networking (DUN)? Can I use Win95 DUN to employ the Internet as the backbone to connect back to an NT machine? Thanks.
--Tim Ly

Tim, yes, DUN is the RAS client I referred to in the article. Unfortunately, Microsoft hasn’t yet released a PPTP-enabled client for RAS/DUN, so you still can’t make a secure connection directly from a Win95 client to an NT Server. However, if that Win95 machine has an NT server running PPTP on its network, the Win95 client can connect to the remote NT/PPTP RAS server if the two NT/PPTP-enabled RAS machines have established a PPTP session over the Internet. I hope Microsoft will release a PPTP stack and upgraded version of DUN for Win95 in the near future, which will obviously make the process much easier.
--Sean Daily

I enjoyed Sean K. Daily’s article on NT 4.0 RAS. I have a 16-port digiboard hooked up to an NT 4.0 RAS machine. Can I use TCP/IP, but not allow DNS?
I want to let my users Telnet and use TCP/IP on our network, but I do not want them surfing the net if they know the DNS entries and have them on their client machine. (I took DNS off the RAS machine). Can I set up RAS to deny DNS capabilities no matter what the client is set up for?
--Michael Gottshall,

I don’t know of a way to prevent a DNS client resolver from pointing to a DNS server address, besides preventing IP-based access to that server (i.e., making sure there is no physical route between the client’s IP address and the DNS server address). If the user of a RAS client finds out your DNS server address and can access it via IP, they can point their DNS to it.
--Sean K. Daily

I’ve just finished reading Sean K. Daily’s RAS article. For the first time, I understand PPTP! Congratulations.
Maybe you can help with a problem setting up LAN-to-LAN routing with RAS. I run several NT 3 and NT 4 RAS systems (I’m converting, but it takes time). They provide access to the school intranet and to the Internet. People working from home heavily use the facility, and it provides network access to several very small, remote departments that have only plain old telephone connections.
The remote sites all have a small LAN with an NT 4 server and several Win95 clients. The NT 4 server has a modem and can use DUN to connect to the RAS service at the school. This setup works fine, but people prefer to access email from their Win95 client, which requires routing across the LAN to the NT server, then via the DUN-to-RAS connection to the school services.
I have failed to get this approach to work. I even set up a LAN at home to work on the problem away from the hassle of the site. Any help would be greatly appreciated.
—Peter Whitehead

Mark Minasi wrote a series of columns about what you are trying to do. Specifically, check “Unlock Your Gateway to the Internet” (June 1996) and Mark’s March and May 1996 columns (which are about NT 3.51 rather than NT 4.0). You can find online versions of these articles at http://www.winntmag.com/issues/frame.html

I read Sean Daily’s January article about RAS. Is it possible to call an Internet Service Provider (ISP) from Windows NT 4.0 RAS with analogic modems sharing the connection with other clients along my LAN? Do I need Exchange Server 5.0 for managing my Internet email messages in a centralized way?
--Roberto Rossi

Yes, you can use one modem as a RAS gateway to the Internet. You can either use NT RAS, or any of several third party routers that provide serial ports. For information about accomplishing this task with NT’s built-in RAS, see Mark Minasi’s June 1996 column, “Unlock Your Gateway to the Internet.”
For centralized email management, Exchange 5.0 is certainly a good solution, but Exchange is not your only choice. You can use a standard Post Office Protocol 3 (POP3)/Simple Mail Transfer Protocol (SMTP) mail server such as Post.Office or NTMail, or even the mail server that ships with the Microsoft Windows NT Server Resource Kit for NT 4.0.
--Sean Daily

I saw Sean Daily’s January article, “What’s New in Windows NT 4.0 RAS?” and have a question. I am running NetWare 3.12 on a server with Windows NT 3.51 on the workstations. We are using Remote Access Service (RAS) to dial out through a communications server with a NetWare Asynchronous System Interface (NASI) redirector called WIN2NCS version 2.10. I have installed Service Pack 5 (SP5) for NT Workstation 3.51, but my system locks up when I disconnect from RAS. I am using Netscape 2.0 to access the Internet. I would appreciate any solutions you can offer.
--Chris

Although I’m not directly familiar with the product you’re using, apparently, Novell is aware of the problem and a fix is in the works. A search of Novell’s site revealed the following information on your version, and it seems to be directly related to your problem:

“Symptom [Among the enhancements and fixes present in this version.] Windows NT is now supported on a limited basis. Some of the new Remote Control applications for Windows NT may not work completely with WIN2NCS. Also, there is still a known issue when disconnecting from an Internet Service Provider (ISP). The disconnect may cause an endless loop situation and the NT station will have to be restarted. These issues are currently under investigation.”--Sean Daily

I connect two modem in COm1 and Com2. I want that my RAS clients will be authenticated from an external datbase running on SQL , or if I install an authentication software, how can I tell NT that my RAS client will be authenticate by that software not by NT itself.

I saw Sean K. Daily’s article, “What’s New in Windows NT 4.0 RAS?” (January 1997). Thank you for explaining PPTP. The NT 4.0 DUN autodial feature is cool, but do you know of a way to autodisconnect after X minutes of idle time?
--Rob van Kuijk, Amsterdam

Thanks for your feedback. Yes, you’ll find RAS’s autodisconnect option by clicking More in the DUN main dialog box, choosing User Preferences, and selecting the Dialing tab. The option to set is Idle seconds before hanging up. For example, to auto-disconnect after 5 minutes of inactivity, enter 300 for the number of seconds.
--Sean K. Daily

I read Sean Daily’s January article, “What’s New in Windows NT 4.0 RAS?” and found it informative. If I have a couple (or several) networks, each connected to the Internet via an Internet Service Provider (ISP) and want a secure connection between the networks, what options, besides installing a leased line, are available? Can I use PPTP via my network interface, as opposed to a serial interface? Thank you.
--Stephen Bozarth

In fact, Point-to-Point Tunneling Protocol (PPTP) was designed to do exactly what you describe. PPTP is a high-level protocol that doesn’t infer or require a dial-up connection; it works with any existing IP connection (whether nailed-up or dial-on-demand) as an encapsulation technology to create secure, private channels through which you can tunnel other protocols. In your situation, you need to implement NT RAS servers running PPTP at each location and then create a virtual WAN via PPTP connections between these servers. For multiple connections between servers, you need to tell NT to allow for x (where x is the total number of point-to-point connections you need to establish using that RAS server) Virtual Private Networks (VPNs) when you install PPTP.
--Sean Daily

Clients could dial to my NT dial-up server and browse the local network but they cannot browse the internet. Meanwhile you can browse the internet on the server itself. Can someone help me to resolve this?

I’ve been using NT 4.0’s DUN for some time now and enjoyed Sean K. Daily’s January article. One thing has been annoying me, though: I really like to hear the dialing tones and modem negotiation beeps and bloops (they give me a reassuring feeling that something is happening). But my modem’s speaker gets turned off as soon as the modem hears the dialtone (i.e., before it dials the phone number).
I tried setting M1L3 in the Extra settings field in the Advanced Connection Settings dialog box in the Modems Control Panel, but that setting made no difference. How can I make my modem speaker stay on during dialing and negotiation?
--Peter C. Vernam,

I have experienced similar problems. The solution (if you are using Unimodem drivers and not the old modem.inf file entries) is to edit the section of the Registry pertaining to your modem’s Unimodem driver. I don’t know your modem brand, so I can’t tell you the exact Registry key; however, you should get close enough to find it if you use the following entry (or use the regedit.exe editor’s Find command to search for a string that includes something about your modem’s name):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class

Under this key are some unintelligible codes (e.g., {4D36E351=…}), one of which represents the Unimodem driver class (which includes all installed Unimodem devices). You can find the section related to your modem. Under that key (which may have a name of 0000) will be various sections relating to the modem, including Init. It will have some values that are the initialization strings for your modem. You can add your L3 statement here, or perhaps in one of the other subkeys of this tree. Good luck, and thanks for your feedback.
--Sean K. Daily

I read Sean K. Daily’s January article. I’m hoping you can provide a quick answer to a problem.
As an alternative to pcANYWHERE, our company wants to use RAS. We have one base station (in Boulder, Colorado) and one remote station (in New York), both running NT Workstation. (We don’t have a third computer running Server. We’re a small company just scraping by right now!) When we’re trying to access the base computer from the remote or vice versa, RAS will answer the phone. But after we go into the Network Neighborhood screens, we eventually get a message that domain information cannot be found (or something to that effect). I’m assuming we get this message because we do not have Server running.
Can we get this configuration running RAS without Server? If so, can you tell me how or where to go for this information? I can’t find an answer in any of the documentation.
--Alex Kramarchuk,

Be careful about using RAS as a replacement for a remote control product. RAS is a remote access product. Although pcANYWHERE/32 gives you an interface to use RAS through, the two have unique functionality. Remote control lets you take over a foreign host machine (over a modem, ISDN, TCP/IP, IPX, or other connection type), and remote access lets you access a foreign network as a remotely connected node.
Modem-based RAS is good for basic (low-bandwidth) network functionality such as email, scheduling, and small file transfers but isn’t good for running applications remotely. This capability is for remote control products such as pcANYWHERE. Unfortunately, the machine you take over will be unusable to a local person on the other end, so the appropriate choice often depends on the logistics of your situation.
The situation is not either/or: You can run a program such as pcANYWHERE over a RAS connection. You dial in to a RAS server, obtain a protocol such as TCP/IP (recommended with pcANYWHERE), and then fire up pcANYWHERE and connect via TCP/IP instead of via modem.
As to your RAS problem, perhaps the workgroup names are set differently on the two machines. Verify that they have the same workgroup name set.
--Sean K. Daily

A coworker and I were reading Sean K. Daily’s RAS article and have a question. The multilink section talks about finding a compatible server to connect with and implementing multilink RAS. Well, we can’t find the Basic tab Daily mentions. We both have multiple modems installed (one ISDN and one 28.8Kbits per second) and have poked every button and screen imaginable. Can you help us, please?
—Curtis McConville,

You can find the Basic tab in the dialog box that appears when you choose More, Edit entry, and Modem Properties from the DUN main window. To select multiple adapters (multilink RAS connection), select Multiple Lines from the list of choices in the Dial using box. Choosing Configure at that point lets you individually select which RAS devices to use for that entry.
--Sean K. Daily

Microsoft Stack Master Class

Understand the complete Microsoft solution stack, how the products work together, and how to implement and maintain for a total datacenter and desktop solution. This course covers the latest technology updates including Windows Server 2016 and Windows 10 and will enable the new capabilities to be leveraged in your organization.